Incident Detection, Email Attacks Continue to Cause Headaches for Companies

Companies struggle with quickly and accurately detecting security incidents

Over one-third of all security incidents start with phishing emails or malicious attachments sent to company employees, according to a new report published by F-Secure.

F-Secure’s new Incident Response Report summarizes findings from F-Secure’s incident response investigations and provides insights into how real hackers attack organizations.

The single most common source of breaches analyzed in the report was attackers exploiting vulnerabilities in an organization’s Internet-facing services, which accounted for about 21 percent of security incidents investigated by F-Secure’s incident responders. But phishing and emails with malicious attachments together accounted for about 34 percent of breaches, which F-Secure Principal Security consultant, Tom Van de Wiele, says make attacks arriving via email a much bigger pain point for organizations.

“Exploiting software vulnerabilities in drive-by scenarios is typical in opportunistic attacks, but breaching companies via email is actually far more common. There’s a lot of different ways different attackers can use email, and these attacks are popular because almost every company relies on email for communication,” Van de Wiele said. “People need to think before they click on attachments and links, but the pressures of many jobs overrides this logic, which attackers understand and exploit.”



Advertisement

Around The World